Tag Archives: PositiveTechnologies

September “In the Trend of VM” (#19): vulnerabilities in the WinRAR and 7-Zip archivers, SAP NetWeaver, and TrueConf Server

Leave a reply

September In the Trend of VM (#19): vulnerabilities in the WinRAR and 7-Zip archivers, SAP NetWeaver, and TrueConf Server

September “In the Trend of VM” (#19): vulnerabilities in the WinRAR and 7-Zip archivers, SAP NetWeaver, and TrueConf Server. A traditional monthly roundup – for the first time with NO Microsoft vulnerabilities! 😲🙂

🗞 Post on Habr (rus)
🗒 Digest on the PT website (rus)

A total of eight trending vulnerability IDs in four products:

🔻 Remote Code Execution – WinRAR (CVE-2025-6218, CVE-2025-8088). An exploitable RCE during archive extraction.
🔻 Remote Code Execution – SAP NetWeaver (CVE-2025-31324, CVE-2025-42999). An exploitable RCE in a component of a popular ERP system.
🔻 Remote Code Execution – 7-Zip (CVE-2025-55188). Mostly a Linux RCE during archive extraction – a public exploit is available.
🔻 Remote Code Execution – TrueConf Server (BDU:2025-10116, BDU:2025-10115, BDU:2025-10114). Critical flaws in Russian videoconferencing system.

На русском

About Remote Code Execution – TrueConf Server (BDU:2025-10116, BDU:2025-10115, BDU:2025-10114) vulnerability

Leave a reply

About Remote Code Execution - TrueConf Server (BDU:2025-10116, BDU:2025-10115, BDU:2025-10114) vulnerability

About Remote Code Execution – TrueConf Server (BDU:2025-10116, BDU:2025-10115, BDU:2025-10114) vulnerability. TrueConf Server is a popular Russian corporate messenger and video conferencing system. A chain of critical vulnerabilities in TrueConf Server was discovered by PT SWARM expert Nikita Petrov:

🔻 Vulnerability BDU:2025-10114 is related to insufficient access control and allows an attacker to send requests to certain administrative endpoints without permission checks or authentication.

🔻 Vulnerability BDU:2025-10115 allows an attacker to read arbitrary files on the system.

🔻 The most critical – BDU:2025-10116 – allows a potential attacker to inject and execute arbitrary OS commands.

⚙️ Security updates were released on August 27, 2025.

👾🛠 There are currently no signs of exploitation in the wild or public exploits.

🌐 According to Positive Technologies, there are over 7,000 TrueConf Server installations in Russia alone.

На русском

Statistics on 2024 trending vulnerabilities were featured in the OIC-CERT annual report

Leave a reply

Statistics on 2024 trending vulnerabilities were featured in the OIC-CERT annual report

Statistics on 2024 trending vulnerabilities were featured in the OIC-CERT annual report. 🎉

🔹 The Organisation of Islamic Cooperation (OIC) is the largest and most influential official intergovernmental Muslim international organization. It currently unites 57 countries with a population of about 2 billion people. Russia is also a member of the OIC as an observer.

🔹 OIC-CERT is a computer incident response team and a subsidiary of the OIC. It brings together national CERTs from 27 countries, as well as 8 commercial organizations, including Positive Technologies.

➡️ The statistics on 2024 trending vulnerabilities that I prepared were published in the section highlighting Positive Technologies’ results (report size: 67.49 MB, p.229).

I’m glad my work contributed to promoting PT ESC and Positive Technologies among national CERTs and key decision-makers! 😉

На русском

August “In the Trend of VM” (#18): vulnerabilities in Microsoft Windows and SharePoint

1 Reply

August In the Trend of VM (#18): vulnerabilities in Microsoft Windows and SharePoint

August “In the Trend of VM” (#18): vulnerabilities in Microsoft Windows and SharePoint. A traditional monthly roundup – this time, it’s extremely short.

🗞 Post on Habr (rus)
🗒 Digest on the PT website (rus)

Only two trending vulnerabilities:

🔻 Remote Code Execution – Microsoft SharePoint Server “ToolShell” (CVE-2025-53770). The vulnerability is being widely exploited; attackers may even have gained access to U.S. nuclear secrets. The vulnerability is also relevant for Russia.
🔻 Elevation of Privilege – Windows Update Service (CVE-2025-48799). The vulnerability affects Windows 10/11 installations with at least two hard drives.

На русском

July “In the Trend of VM” (#17): vulnerabilities in Microsoft Windows and Roundcube

Leave a reply

July In the Trend of VM (#17): vulnerabilities in Microsoft Windows and Roundcube

July “In the Trend of VM” (#17): vulnerabilities in Microsoft Windows and Roundcube. A traditional monthly roundup. This time, it’s a very short one. 🙂

🗞 Post on Habr (rus)
🗒 Digest on the PT website (rus)

Only three trending vulnerabilities:

🔻 Remote Code Execution – Internet Shortcut Files (CVE-2025-33053)
🔻 Elevation of Privilege – Windows SMB Client (CVE-2025-33073)
🔻 Remote Code Execution – Roundcube (CVE-2025-49113)

На русском

June “In the Trend of VM” (#16): vulnerabilities in Microsoft Windows, Apache HTTP Server, the web interfaces of MDaemon and Zimbra, and the 7-Zip archiver

Leave a reply

June In the Trend of VM (#16): vulnerabilities in Microsoft Windows, Apache HTTP Server, the web interfaces of MDaemon and Zimbra, and the 7-Zip archiver

June “In the Trend of VM” (#16): vulnerabilities in Microsoft Windows, Apache HTTP Server, the web interfaces of MDaemon and Zimbra, and the 7-Zip archiver. A traditional monthly vulnerability roundup. 🙂

🗞 Post on Habr (rus)
🗒 Digest on the PT website (rus)

A total of 7 trending vulnerabilities:

🔻 Elevation of Privilege – Microsoft DWM Core Library (CVE-2025-30400)
🔻 Elevation of Privilege – Windows Common Log File System Driver (CVE-2025-32701, CVE-2025-32706)
🔻 Remote Code Execution & Arbitrary File Reading – Apache HTTP Server (CVE-2024-38475)
🔻 Cross Site Scripting – MDaemon Email Server (CVE-2024-11182)
🔻 Cross Site Scripting – Zimbra Collaboration (CVE-2024-27443)
🔻 Remote Code Execution – 7-Zip (BDU:2025-01793)

На русском

Impressions from PHDays Fest

Leave a reply

Impressions from PHDays Fest

Impressions from PHDays Fest. 🏟

🔹 The scale was just insane. You walk and walk – and there’s action everywhere, and all of it is PHDays, every bit of it. 👀 It totally blew my mind, I saw just a tiny fraction of everything that was going on. 🤯🙂

🔹 In the public area, I was impressed by the university pavilions – BMSTU, HSE, MSU, ITMO, and Polytech. I see a lot of potential here for smaller activities, like alumni talks. I’ll try to be part of something like that next year. 😇

🔹 In the ticketed-access exhibition area, I mostly hung out at Security Vision booth. Great folks – I learned a lot about their VM product; will share insights soon. 😉

🔹 As for my own talk – everything was really well organized. 👍 Huge thanks to everyone who came and asked questions! 🙏🔥

🔹 I caught other talks in bits and pieces – planning to watch the full recordings later.

Thanks to the organizers! It was awesome! See you next year! 🎉🙂

На русском